Posts [ 8 ]

Topic: matching linux encrypted passwords

Hi,

I am trying to port my application from PHP to RoR and am having trouble trying to authenticate users. I have taken the passwords from the linux system file /etc/shadow and stored them in mysql. In PHP I am using the following code to match the password entered by the user:

if (CRYPT_MD5 == 1) {

if (crypt($password, $db_password) == $db_password) {

return('OK');

}else{

return('ERROR'); }}

The salt that crypt uses is the encrypted password itself. I have tried lots of different ways to get the same encrypted password in ruby but have not been able to figure this out. I'm also not sure if the passwords are using MD5 or DES encryption, I am assuming they are MD5 as this is what works in PHP but according some sources linux passwords are encrypted using DES encryption.

Re: matching linux encrypted passwords

Hi,

I actually need to use the passwords in /etc/shadow as ruby is interfacing with another application (that cannot be changed) and stores it's passwords in this way, mainly because they have shell accounts. The passwords will be accessed from the same machine (apart from testing) so should have the same crypt functions available to it. I just need to figure out how to access this through ruby.

Re: matching linux encrypted passwords

What Linux distro and version number?

The thing about ruby is that, if it has an equivalent to the PHP crypt, I'm not sure that it uses the underlying system calls as often as PHP does. Odds are that the hashes are quite simply md5 or sha and you can do that directly, but its hard to say.